17 Jun 2019

Facebook’s WordPress Plugin Messenger Customer Chat Contains an Authenticated Settings Change Vulnerability

In our previous post we detailed our running across a vulnerable WordPress plugin made by Facebook with 200,000+ installs. After noticing that, we did a quick check to see if any of their other plugins had similar issues. We found that their plugin Messenger Customer Chat, which has 20,000+ installs, contains a similar vulnerability, though in this case the code is even less secure.

The plugin registers the function fbmcc_update_options() to be accessible to anyone logged in to WordPress through its AJAX functionality.
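A static check for this class of issue, as an added example (not code from the original post or from the plugin): it scans PHP source for `wp_ajax_` registrations whose handler writes options without a capability check or a nonce check. The sample PHP and its `demo_` names are constructed, and the check assumes handlers are plain named functions registered by string.

```python
import re

# Constructed sample PHP (not the plugin's real code); names are hypothetical.
SAMPLE_PHP = r"""<?php
add_action( 'wp_ajax_demo_update_options', 'demo_update_options' );
add_action( 'wp_ajax_demo_safe_update', 'demo_safe_update' );
function demo_update_options() {
    update_option( 'demo_code', $_POST['code'] );
    wp_die();
}
function demo_safe_update() {
    check_ajax_referer( 'demo_safe_update' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( null, 403 );
    }
    update_option( 'demo_code', sanitize_text_field( wp_unslash( $_POST['code'] ) ) );
    wp_die();
}
"""

# add_action( 'wp_ajax_<action>', '<handler>' ): reachable by any logged-in user.
HOOK_RE = re.compile(r"add_action\(\s*['\"]wp_ajax_([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
CHECKS = {"capability": ("current_user_can",),
          "nonce": ("check_ajax_referer", "wp_verify_nonce")}

def function_body(src, name):
    """Return the brace-balanced body of a PHP function, or None if absent.
    Simplification: braces inside strings or comments are not skipped."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit_ajax_handlers(src):
    """Map each wp_ajax_ handler that writes options to the checks it lacks."""
    findings = {}
    for _action, handler in HOOK_RE.findall(src):
        body = function_body(src, handler)
        if body is None or "update_option" not in body:
            continue
        missing = [label for label, names in CHECKS.items()
                   if not any(n in body for n in names)]
        if missing:
            findings[handler] = missing
    return findings
```

A hit is a lead for manual review rather than a confirmed finding, since a handler may delegate its checks to a helper this scan does not follow.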